Generally Accepted Privacy Principles A Global Privacy Framework

What are Generally Accepted Privacy Principles (GAPP)?
• A privacy framework to help both public and private entities develop and assess their privacy program and privacy risk
• Developed by the CICA and AICPA
• To create a common North American standard
• Endorsed and supported by:
  • ISACA – Information System and Audit Control Assoc
  • IIA – The Institute of Internal Auditors

29e Conférence internationale des commissaires à la protection de la vie privée

The Benefits of GAPP
• Comprehensive
  • Framework of over 60 measurable and relevant criteria
  • Not just a list of principles
• Objective
  • Developed by the auditing profession to
    • Address international expectations
    • Create a basis for comparability
  • Universally available at no charge
• Relevant
  • Widespread use and recognition
  • Applicable for evaluating privacy risk enterprise-wide
  • Recognized as suitable criteria for a privacy audit
  • Can also be the basis for an internal assessment

Specified Procedures Engagement
• What Is It?
  • A special type of engagement where the procedures are agreed upon by the client and the public accountant
  • Accountant provides a report listing any exceptions found
  • Not an audit opinion
  • Limited distribution of report
• When Would This Be Useful?
  • Organization may not be ready for an audit, but wants to provide a third-party report on privacy
  • Could use selected criteria from GAPP
  • More cost effective than an audit

Other Uses of GAPP
• Privacy Risk Assessment
  • Diagnose new or current privacy program
  • Cannot be relied upon for legal compliance
• Benchmarking
  • Against GAPP criteria or compare results against prior GAPP assessments
  • Can be used in a local, national or international context
• Privacy Notice Development